
Likelihood of attack minimal...
Right. TJX and Target were both protected networks, not exposed to the public, too.
VMware has released an update to its vSphere Client which addresses a potential – but hard to target – man-in-the-middle vulnerability for the virtualization tool. The company said that users running vSphere Client 4.0, 4.1, 5.0, and 5.1 for Windows were vulnerable to a flaw that allows the client to download and install …
Close. I've seen that page and other VMware KBs, but what I want is for vCenter 5.5 to continue to maintain its own sub-CA, but prompt me and ask if I'd like to sign the internal CA they're about to create, myself. What VMware provide (and have for several versions) is a kludge. It would be much simpler if they would simply ask: do you want to sign this CA yourself? If you don't want to be bothered and can accept that you'll continue to have to tell users to accept the certificate (that they've just been warned about), reinforcing the belief that they can just click on Firefox's, Chrome's and IE's warnings every time they see one. Otherwise you can download the CSR, sign it using your company's CA, and upload the cert.
This beef isn't limited to VMware. Splunk is similar, but I think I can use a single wildcard certificate to replace all of Splunk's certificates. And don't get me started on APC PDUs, unless you have solved this yourself and would like me to send you cash.
This can be done.
The latest code is a bit convoluted, so they released a tool to help you do it.
There is a blogger that also has done up a tool chain and his own detailed instructions for the last two versions.
Although I'm beginning to feel that just throwing it all behind a load balancer with SSL offload will be 100 times easier.